## https://sploitus.com/exploit?id=428A14A6-6ED6-5772-85BC-F4C16BCC4F9E
This Python script demonstrates the exploitation of the CVE-2023-25581 vulnerability in pac4j-core. The vulnerability allows an attacker to execute arbitrary code (RCE) by deserializing maliciously crafted Base64-encoded data.
### Prerequisites

Before running the script, make sure you have the following installed:

- Python 3.x
- The `requests` library, installed by running the command:

```bash
pip install requests
```

### Usage

1. Clone the repository to your local machine:

```bash
git clone https://github.com/p33d/CVE-2023-25581
cd CVE-2023-25581
```

2. Run the exploit script with the following command in your terminal:

```bash
python3 Poc-CVE-2023-25581.py
```

3. Input the target URL. After running the script, you will be prompted to enter the target URL of the vulnerable application. For example:

```
Enter the target URL (e.g., http://vulnerable-app.com/api/profile): http://vulnerable-app.com/api/profile
```

4. Payload execution. If the target is vulnerable, the script will send a payload and attempt to exploit the system. If successful, you may achieve remote code execution (RCE). The script will print the following message if the exploit is successful:

```
Payload sent successfully! Check your terminal for RCE.
```

If the exploit fails or the target is not vulnerable, an error message will be displayed.
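
For defenders, the Base64-encoded serialized data described at the top of this page can be recognised in incoming values before it reaches pac4j-core. The following is an added example, not part of the original repository: it flags values that carry the `{#sb64}` marker pac4j-core puts in front of serialized attribute values, or that Base64-decode to the Java serialization stream header `AC ED 00 05`. The function names, field names and sample values are constructed for illustration.

```python
import base64
import re
from urllib.parse import unquote

# Every Java object serialization stream starts with magic 0xACED, version 0x0005.
JAVA_STREAM_HEADER = b"\xac\xed\x00\x05"
# Marker pac4j-core puts in front of Base64-encoded serialized attribute values.
PAC4J_SB64_PREFIX = "{#sb64}"
# Runs of standard or URL-safe Base64 characters long enough to hold the header.
B64_RUN = re.compile(r"[A-Za-z0-9+/_-]{8,}")


def classify_value(value: str) -> str:
    """Return 'pac4j-sb64', 'java-serialized' or 'clean' for one input value."""
    value = unquote(value)  # undo percent-encoding that would hide the marker
    if PAC4J_SB64_PREFIX in value:
        return "pac4j-sb64"
    for run in B64_RUN.finditer(value):
        # The first 8 Base64 characters decode to 6 bytes, enough for the header.
        # Limitation: a blob glued to preceding Base64 characters is not aligned.
        head = run.group(0)[:8].replace("-", "+").replace("_", "/")
        if base64.b64decode(head).startswith(JAVA_STREAM_HEADER):
            return "java-serialized"
    return "clean"


def scan_fields(fields: dict) -> dict:
    """Map each suspicious field name to its verdict; clean fields are omitted."""
    verdicts = {name: classify_value(str(v)) for name, v in fields.items()}
    return {name: v for name, v in verdicts.items() if v != "clean"}


# Constructed sample: a harmless serialized java.lang.String "hello", Base64-encoded.
SAMPLE_BLOB = base64.b64encode(JAVA_STREAM_HEADER + b"t\x00\x05hello").decode()
# Constructed request fields (hypothetical names), not from a real application.
SAMPLE_FIELDS = {
    "display_name": "Alice Example",
    "nickname": PAC4J_SB64_PREFIX + SAMPLE_BLOB,
    "avatar": SAMPLE_BLOB,
    "bio": "%7B%23sb64%7D" + SAMPLE_BLOB,
    "token": "dGhpcyBpcyBub3QgamF2YQ==",
}

if __name__ == "__main__":
    for name, verdict in scan_fields(SAMPLE_FIELDS).items():
        print(f"{name}: {verdict}")
```

A check like this is suited to request logging or an input filter in front of the application; it complements, and does not replace, running a pac4j-core release that contains the fix.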